From 0dba26b43fb673a3bc6f25a84fee46c2c4e0ddb4 Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Tue, 28 May 2024 10:50:23 +0300
Subject: [PATCH] Upgrade ansible-role-docker (7.1.0 -> 7.2.0) and add
 migration task for old installations

Related to:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3337
- https://github.com/geerlingguy/ansible-role-docker/pull/436
- https://github.com/spantaleev/matrix-docker-ansible-deploy/commit/3a4e58c34de590e927a9f2d5dc87d765873b3cfd
---
 .../mash/playbook_migration/defaults/main.yml | 11 +++++++++++
 ...cker_trusted_gpg_d_migration_migration.yml | 19 +++++++++++++++++++
 roles/mash/playbook_migration/tasks/main.yml  | 10 ++++++++++
 templates/requirements.yml                    |  2 +-
 templates/setup.yml                           |  3 ++-
 5 files changed, 43 insertions(+), 2 deletions(-)
 create mode 100644 roles/mash/playbook_migration/defaults/main.yml
 create mode 100644 roles/mash/playbook_migration/tasks/debian_docker_trusted_gpg_d_migration_migration.yml
 create mode 100644 roles/mash/playbook_migration/tasks/main.yml

diff --git a/roles/mash/playbook_migration/defaults/main.yml b/roles/mash/playbook_migration/defaults/main.yml
new file mode 100644
index 0000000..e00ae4e
--- /dev/null
+++ b/roles/mash/playbook_migration/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+
+# Controls if the old apt repository for Docker (`signed-by=/etc/apt/trusted.gpg.d/docker.asc`) will be removed,
+# so that the Docker role (7.2.0+) can install a new non-conflicting one (`signed-by=/etc/apt/keyrings/docker.asc`).
+#
+# Without this migration, the role would choke at the "galaxy/docker : Add Docker repository." task when trying to add the repository again:
+# > An exception occurred during task execution. To see the full traceback, use -vvv. The error was: apt_pkg.Error: E:Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ focal: /etc/apt/trusted.gpg.d/docker.asc != /etc/apt/keyrings/docker.asc, E:The list of sources could not be read.
+#
+# Related to: https://github.com/geerlingguy/ansible-role-docker/pull/436
+mash_playbook_migration_docker_trusted_gpg_d_migration_enabled: true
+mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path: "/etc/apt/sources.list.d/docker.list"
diff --git a/roles/mash/playbook_migration/tasks/debian_docker_trusted_gpg_d_migration_migration.yml b/roles/mash/playbook_migration/tasks/debian_docker_trusted_gpg_d_migration_migration.yml
new file mode 100644
index 0000000..99f8f4b
--- /dev/null
+++ b/roles/mash/playbook_migration/tasks/debian_docker_trusted_gpg_d_migration_migration.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Check if the Docker apt repository file exists
+  ansible.builtin.stat:
+    path: "{{ mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path }}"
+  register: mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path_status
+
+- when: mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path_status.stat.exists | bool
+  block:
+    - name: Read repository file
+      ansible.builtin.slurp:
+        path: "{{ mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path }}"
+      register: mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path_content
+
+    - name: Remove Docker apt repository file if old key path found
+      when: "'/etc/apt/trusted.gpg.d/docker.asc' in mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path_content.content | b64decode"
+      ansible.builtin.file:
+        path: "{{ mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path }}"
+        state: absent
diff --git a/roles/mash/playbook_migration/tasks/main.yml b/roles/mash/playbook_migration/tasks/main.yml
new file mode 100644
index 0000000..d3e0165
--- /dev/null
+++ b/roles/mash/playbook_migration/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- when: ansible_os_family == 'Debian' and mash_playbook_docker_installation_enabled | bool and mash_playbook_migration_docker_trusted_gpg_d_migration_enabled | bool
+  tags:
+    - setup-all
+    - install-all
+    - setup-docker
+    - install-docker
+  block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/debian_docker_trusted_gpg_d_migration_migration.yml"
diff --git a/templates/requirements.yml b/templates/requirements.yml
index 44f1e8d..1d5d0e1 100644
--- a/templates/requirements.yml
+++ b/templates/requirements.yml
@@ -57,7 +57,7 @@
   name: container_socket_proxy
   activation_prefix: devture_traefik_
 - src: git+https://github.com/geerlingguy/ansible-role-docker
-  version: 7.1.0
+  version: 7.2.0
   name: docker
   activation_prefix: mash_playbook_docker_installation_enabled
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-docker-registry.git
diff --git a/templates/setup.yml b/templates/setup.yml
index d964644..8ae12bf 100644
--- a/templates/setup.yml
+++ b/templates/setup.yml
@@ -10,8 +10,9 @@
         - install-all
     # /role-specific:playbook_help
 
-    # No role-specific checks here, as it's a local role that is always installed.
+    # No role-specific checks here. Local roles are always installed.
     - role: mash/playbook_base
+    - role: mash/playbook_migration
 
     # role-specific:systemd_docker_base
     # This role has no tasks at all